<?php
/* 
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */

/**
 * Login, session set-up and user-profile lookups against the `user` table.
 *
 * @author Andi
 */

include_once("database.php");

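/**
 * Authenticates users and reads their profile rows from the `user` table.
 *
 * Security notes for maintainers:
 * - Queries go through ext/mysql (mysql_*), which has no prepared statements
 *   and was removed in PHP 7.0. Every value is therefore escaped with
 *   mysql_real_escape_string() right before it is placed in a query; moving
 *   to PDO or mysqli with bound parameters is the durable fix.
 * - The lookup methods escape their own arguments, so callers pass raw
 *   values. A value that was escaped beforehand is escaped twice and will
 *   not match.
 * - login() compares the submitted password with the `password` column
 *   as-is and keeps it in $_SESSION. Unless the caller hashes it first
 *   (not visible here) the table holds plaintext passwords; migrate to
 *   password_hash()/password_verify().
 */
class login extends database {
    // State captured by the last successful login(). User name and password
    // are kept in their SQL-escaped form, exactly as they were before.
    public $myUsername;
    public $myPassword;
    public $myRole;

    /**
     * Opens the database connection through the parent's connect().
     */
    public function __construct() {
        $this->connect();
    }

    /**
     * Checks the credentials, fills the session and redirects.
     *
     * The method shares its name with the class (PHP 4 constructor style);
     * because __construct() is defined, it is an ordinary method.
     *
     * Redirects: profil.php on success, index.php?block=yes when the account
     * has access_login = 'no', index.php for every other failure.
     *
     * @param string $myusername submitted user name
     * @param string $mypassword submitted password
     */
    public function login($myusername, $mypassword) {
        // NOTE(review): stripslashes() is only correct while magic_quotes_gpc
        // is enabled; with it off, backslashes in the input are silently
        // removed. Kept because the deployment setting is not visible here.
        $myusername = stripslashes($myusername);
        $mypassword = stripslashes($mypassword);
        $myusername = $this->escapeUserValue($myusername);
        $mypassword = $this->escapeUserValue($mypassword);

        $sql = "SELECT * FROM user WHERE user_name='$myusername' and password='$mypassword'";
        $result = mysql_query($sql);

        // A failed query is handled like "no such user" instead of passing
        // false on to mysql_num_rows()/mysql_fetch_array().
        $count = 0;
        $row = false;
        if ($result !== false) {
            $count = mysql_num_rows($result);
            $row = mysql_fetch_array($result);
        }
        $hasRow = is_array($row);

        if ($count === 1 && $hasRow && $row['access_login'] === 'yes') {
            if (session_id() === '') {
                session_start();
            }
            // Issue a fresh session id at the moment of authentication so an
            // id that existed before login is not reused (session fixation).
            session_regenerate_id(true);

            $this->myUsername = $myusername;
            $this->myPassword = $mypassword;
            $this->myRole     = $row['role'];
            $_SESSION['user_name'] = $this->myUsername;
            // NOTE(review): the password is kept in the session only because
            // other pages may read it; remove once nothing depends on it.
            $_SESSION['password'] = $this->myPassword;
            $_SESSION['role'] = $this->myRole;
            $this->setOnline($myusername);
            // Admins and regular users land on the same page.
            header("location:profil.php");
            return;
        }

        if ($hasRow && $row['access_login'] === 'no') {
            header("location:index.php?block=yes");
            return;
        }

        // Unknown user, wrong password, failed query or an unexpected row
        // state: always send the visitor back to the login form.
        header("location:index.php");
    }

    /**
     * Looks up a user by name and password.
     *
     * @param string $user_name raw user name
     * @param string $password  raw password
     * @return resource|false mysql result, or false when the query fails
     */
    public function showMyProfile($user_name, $password) {
        $user_name = $this->escapeUserValue($user_name);
        $password = $this->escapeUserValue($password);
        $sql = "SELECT * FROM user WHERE user_name = '$user_name' AND password = '$password'";
        return mysql_query($sql);
    }

    /**
     * Looks up a user by name and photo URL.
     *
     * @param string $user_name raw user name
     * @param string $url_photo raw photo URL
     * @return resource|false mysql result, or false when the query fails
     */
    public function showOtherProfile($user_name, $url_photo) {
        $user_name = $this->escapeUserValue($user_name);
        $url_photo = $this->escapeUserValue($url_photo);
        $sql = "SELECT * FROM user WHERE user_name = '$user_name' AND url_photo = '$url_photo'";
        return mysql_query($sql);
    }

    /**
     * Looks up a user by id.
     *
     * @param string|int $user_id raw user id
     * @return resource|false mysql result, or false when the query fails
     */
    public function showProfileByID($user_id) {
        $user_id = $this->escapeUserValue($user_id);
        $sql = "SELECT * FROM user WHERE user_id = '$user_id'";
        return mysql_query($sql);
    }

    /**
     * Looks up a user by name.
     *
     * @param string $user_name raw user name
     * @return resource|false mysql result, or false when the query fails
     */
    public function showProfileByUserName($user_name) {
        $user_name = $this->escapeUserValue($user_name);
        $sql = "SELECT * FROM user WHERE user_name = '$user_name'";
        return mysql_query($sql);
    }

    /**
     * Tells whether a row with this user name exists.
     *
     * @param string $user_name raw user name
     * @return bool false when there is no row or the query failed
     */
    public function isUserExist($user_name) {
        $result = $this->showProfileByUserName($user_name);
        if ($result === false) {
            return false;
        }
        return mysql_num_rows($result) != 0;
    }

    /** @return string|null full_name of the user, null when not found */
    public function getFullName($user_name) {
        return $this->fetchUserColumn($user_name, 'full_name');
    }

    /**
     * NOTE(review): returns the stored password value to the caller; see the
     * class comment on plaintext storage.
     *
     * @return string|null password of the user, null when not found
     */
    public function getPassword($user_name) {
        return $this->fetchUserColumn($user_name, 'password');
    }

    /** @return string|null birthday of the user, null when not found */
    public function getBirthday($user_name) {
        return $this->fetchUserColumn($user_name, 'birthday');
    }

    /** @return string|null location of the user, null when not found */
    public function getLocation($user_name) {
        return $this->fetchUserColumn($user_name, 'location');
    }

    /** @return string|null gender of the user, null when not found */
    public function getGender($user_name) {
        return $this->fetchUserColumn($user_name, 'gender');
    }

    /** @return string|null email of the user, null when not found */
    public function getEmail($user_name) {
        return $this->fetchUserColumn($user_name, 'email');
    }

    /** @return string|null url_photo of the user, null when not found */
    public function getUrlPhoto($user_name) {
        return $this->fetchUserColumn($user_name, 'url_photo');
    }

    /** @return string|null role of the user, null when not found */
    public function getRole($user_name) {
        return $this->fetchUserColumn($user_name, 'role');
    }

    /** @return string|null access_login of the user, null when not found */
    public function getAccessLogin($user_name) {
        return $this->fetchUserColumn($user_name, 'access_login');
    }

    /** @return string|null wall_prev of the user, null when not found */
    public function getWallPrev($user_name) {
        return $this->fetchUserColumn($user_name, 'wall_prev');
    }

    /**
     * Marks the user offline, ends the session and redirects to index.php.
     *
     * @param string $userName user to mark offline
     */
    public function logout($userName) {
        $this->setOffline($userName);
        // session_destroy() does nothing for a session that was never
        // started in this request, which would leave it usable afterwards.
        if (session_id() === '') {
            session_start();
        }
        $_SESSION = array();
        session_destroy();
        header("location:index.php");
    }

    /**
     * Sets the user's `online` column to 'yes' through the parent's update().
     * NOTE(review): whether update() escapes its arguments is not visible
     * here; confirm before passing request data.
     */
    public function setOnline($userName) {
        $this->update('user', 'user_name', $userName, 'online', 'yes');
    }

    /**
     * Sets the user's `online` column to 'no' through the parent's update().
     * NOTE(review): whether update() escapes its arguments is not visible
     * here; confirm before passing request data.
     */
    public function setOffline($userName) {
        $this->update('user', 'user_name', $userName, 'online', 'no');
    }

    /**
     * Escapes one value for use inside a single-quoted SQL string literal.
     * Escaping follows the connection character set, so that should be set
     * with mysql_set_charset() where the connection is opened (presumably in
     * database::connect(); not visible here).
     */
    private function escapeUserValue($value) {
        return mysql_real_escape_string($value);
    }

    /**
     * Returns one column of the first row matching the user name, or null
     * when the query fails, no row matches or the column is absent.
     */
    private function fetchUserColumn($user_name, $column) {
        $result = $this->showProfileByUserName($user_name);
        if ($result === false) {
            return null;
        }
        $row = mysql_fetch_array($result);
        if (!is_array($row) || !array_key_exists($column, $row)) {
            return null;
        }
        return $row[$column];
    }
}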

?>
